Remote Code Execution Vulnerability in CODESYS Control Runtime System
CVE-2025-41660

8.8HIGH

Key Information:

Vendor: Codesys
Status: Codesys Control Rte (sl); Codesys Control Rte (for Beckhoff Cx) Sl; Codesys Control Win (sl); Codesys Hmi (sl)
Vendor: CVE Published:; 24 March 2026

What is CVE-2025-41660?

A remote attacker with low privileges can exploit this vulnerability in the CODESYS Control runtime system to replace the boot application. This manipulation may lead to unauthorized code execution, posing significant risks to system integrity and security. It is essential for users to implement security measures and stay updated on security advisories to mitigate potential threats.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

CODESYS Control for BeagleBone SL 0.0.0 < 4.21.0.0

CODESYS Control for emPC-A/iMX6 SL 0.0.0 < 4.21.0.0

CODESYS Control for IOT2000 SL 0.0.0 < 4.21.0.0

References

https://certvde.com/de/advisories/VDE-2026-011

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 24, 2026
Vulnerability Reserved
Apr 16, 2025

Credit

Luca Borzacchiello from Nozomi Networks

JSON

Codesys

What is CVE-2025-41660?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.